Drupal’s authentication process can be expensive and difficult to scale. What do you do when you need to plan for an unknown but large number of authenticated users?

This presentation will show you the approach we took on the new D8-based wholefoodsmarket.com to let Drupal handle lots of authenticated users without taking down servers. We'll walk you through how we used an approach called sessionless authentication to avoid database calls, and how we store PII user data outside of Drupal.

What’s Covered?

Why is scaling authenticated traffic hard?

What is sessionless auth?

How can you use it to manage a single login to multiple sites, e.g. D7/D8?

Working with an external auth provider (Janrain)

PIIaaS! Storing PII as a Service in an API.

Proxying web-service calls - don’t do it!

How to delegate OAuth tokens so your browsers connect to APIs directly